Posted: Sun Oct 22, 2006 3:29 pm
by nickman013
id:
ip:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Posted: Sun Oct 22, 2006 3:30 pm
by Flamie
then scottay was right all along, your $ip and $id have no values...
Posted: Sun Oct 22, 2006 3:32 pm
by Flamie
Show me the page that leads to this script (the page that contains the form that sends the POST information to this script)
Posted: Sun Oct 22, 2006 3:33 pm
by nickman013
Code:
echo "<form action=/rmvcmt.php>";
echo '<input type=hidden name=ip value='.$ip.'>';
echo '<input type=hidden name=id value='.$row4['id'].'>';
echo '<div align=right><input type=submit value="Delete My Comment"></div></form>';
};
That's the form.. I was looking in the source at the input values and they were correct... I just realized that the problem was I didn't set a method on the form. Thanks a lot.
Thank you all so much for helping me!!!!!!!
Posted: Sun Oct 22, 2006 3:34 pm
by Flamie
Hehe, hurray for that =)
np, glad we could help
Posted: Sun Oct 22, 2006 3:36 pm
by nickman013
Actually I got one more quick question (I hope)..
How can I add multiple WHEREs in my query?
This is my query that displays the comments
Code:
$sql4 = "SELECT * FROM `comments` WHERE who =" . $row['Number'] . " ORDER BY `id` DESC";
How can I make it select the comments where row = number AND where show = 1 ?
Posted: Sun Oct 22, 2006 3:39 pm
by Flamie
After a WHERE, you need to have a boolean expression.
You can use the keywords AND and OR to make that.
So say you want to select where fruit=apple or fruit=grape and vegetable=carrot, you would do something like
WHERE (fruit='apple' OR fruit='grape') AND vegetable='carrot'
ANDs are usually performed before ORs, so make sure you get the parentheses right.
So for your case it would be:
Code:
$sql4 = "SELECT * FROM `comments` WHERE who =" . $row['Number'] . " AND show=1 ORDER BY `id` DESC";
Posted: Sun Oct 22, 2006 3:44 pm
by nickman013
Thanks, but I get this error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show=1 ORDER BY `id` DESC' at line 1
Posted: Sun Oct 22, 2006 3:46 pm
by Flamie
do `show`
Posted: Sun Oct 22, 2006 3:52 pm
by nickman013
Thanks a lot!!!!!!!!!!!
Posted: Sun Oct 22, 2006 3:56 pm
by Flamie
Welcome

Posted: Sun Oct 22, 2006 3:58 pm
by John Cartwright
Code:
$id = intval($_POST['id']);
$ip = intval($_POST['ip']);
Your code is vulnerable to SQL Injection, consider verifying the data being inserted into your query.
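One way to apply the advice in the last post together with the `show` quoting fix from earlier in the thread, as an added example that is not code from any poster: the comment query and the delete handler rewritten with validated input and bound parameters. The table layout, function names and sample rows are assumptions, and an in-memory SQLite database (pdo_sqlite) stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Schema and function names are assumptions.
$pdo = new PDO('sqlite::memory:'); // stand-in for the MySQL connection
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, who INTEGER, ip TEXT, `show` INTEGER, body TEXT)');

// Constructed sample rows (documentation-range IP addresses).
$ins = $pdo->prepare('INSERT INTO comments (who, ip, `show`, body) VALUES (?, ?, ?, ?)');
foreach ([[7, '203.0.113.5', 1, 'first'], [7, '203.0.113.9', 0, 'hidden'], [8, '203.0.113.5', 1, 'other']] as $r) {
    $ins->execute($r);
}

// Visible comments for one profile. The value is bound as a parameter, never
// concatenated into the SQL text, and the reserved word `show` is quoted.
function visibleComments(PDO $pdo, $who): array
{
    $who = filter_var($who, FILTER_VALIDATE_INT);
    if ($who === false) {
        return []; // missing or non-integer input never reaches the database
    }
    $st = $pdo->prepare('SELECT id, body FROM comments WHERE who = :who AND `show` = 1 ORDER BY id DESC');
    $st->execute([':who' => $who]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Delete handler logic for the form's id/ip fields. Empty fields (the cause of
// the "near ''" syntax error when the form had no method) are rejected up front.
// Note: a hidden form field is client-controlled; a real handler would compare
// against $_SERVER['REMOTE_ADDR'] instead of trusting the posted ip.
function deleteComment(PDO $pdo, array $post): int
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $ip = filter_var($post['ip'] ?? null, FILTER_VALIDATE_IP);
    if ($id === false || $ip === false) {
        return 0; // nothing deleted
    }
    $st = $pdo->prepare('DELETE FROM comments WHERE id = :id AND ip = :ip');
    $st->execute([':id' => $id, ':ip' => $ip]);
    return $st->rowCount(); // number of rows removed
}

var_dump(visibleComments($pdo, '7'));        // well-formed value
var_dump(visibleComments($pdo, '7 OR 1=1')); // constructed malformed value, fails validation
var_dump(deleteComment($pdo, []));           // empty POST, as when the form lacked a method
var_dump(deleteComment($pdo, ['id' => '1', 'ip' => '203.0.113.5']));
```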